Sourcefire VRT Rules Update

Date: 2012-03-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21654 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Video invalid tag type attempt (specific-threats.rules)
 * 1:21647 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21646 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21653 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionScript getURL target null reference attempt (web-client.rules)
 * 1:21655 <-> DISABLED <-> EXPLOIT Adobe Flash Video invalid tag type attempt (exploit.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21656 <-> ENABLED <-> EXPLOIT Apache Struts remote code execution attempt ParametersInterceptor (exploit.rules)

Modified Rules:


 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:19811 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:21583 <-> ENABLED <-> SPECIFIC-THREATS Possible malicious pdf detection - qwe123 (specific-threats.rules)
 * 1:18635 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:21492 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)